General

  • Target

    dd6e84545935c73f8042ff869_JC.exe

  • Size

    690KB

  • Sample

    230729-qdqz7sdg8y

  • MD5

    bae09d2e5fa03fd22a13eec99759dd84

  • SHA1

    37c17c633701642a8fadaf05db845166f8ae07cb

  • SHA256

    dd6e84545935c73f8042ff869d3445f6c2ddb21bca590c17a14b0b996f000e2b

  • SHA512

    aad7766ab88800d648898a9daa16977c8f08170520993e1a9397a5793ceafbcc0d42223c9ed01e88c686fa6da88d21bccfa52ddd059fe736aff8e4981832bf7b

  • SSDEEP

    12288:O5qIkPt46c7ujzCWSD6IYkcvUAocGZTayAXOpixrBbH9jfITLPPb2Ik:AqIwwQCmkKGwepKbHNfoHb2I

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.libreriaeltorreon.cl
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Servicios1

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks